Hi, I want to propose to allow SPDX-based [5] and REUSE.software [1] compatible license statements as a new option in our KDE licensing policy.
For background information about REUSE and SPDX and why it makes sense, I tried to aggregate the important information in a blog post and will not add any details in this mail: https://cordlandwehr.wordpress.com/2019/12/31/reuse-machine-readable-license-information/ In order to start porting to SPDX identifiers and to allow license statements that are compatible with the REUSE specification, a few changes are needed in our license possibly, which currently is focused on license header statements [2]. Thus, I propose the following changes: 1. Allow SPDX-based license statements by replacing bullet point 3 with: "Each source file either must contain SPDX identifiers or licence headers to state under which terms the software may be used, modified and redistributed. The SPDX identifiers or licence headers stated below must be used. Inside one repository all files shall follow the same system for licence statements." 2. Require REUSE conformance by adding a sub bullet point 3.1 that requires license text to be added in a REUSE compatible way: "For each used SPDX identifier, the licence text must be included compatible with the SPDX specification." 3. Update all SPDX license identifiers in the policy with their current versions (e.g. GPL-2.0 was replaces with GPL-2.0-only to stress the identifier meaning) 4. Specify how to state the LicenseRef-KDE-Accepted-LGPL and LicenseRef-KDE- Accepted-GPL statements. For details see the discussion on the SPDX list [3]. A very short discussion is also on the OSI license review list about the question if the statement that KDE acts as a proxy to accept possible upcoming GPL/LGPL licenses is a license of its own or not. To make these changes easier to review, I prepared a license policy update draft (note the v2 if you saw my previous draft). My goal is to make the changes to the policy as small as possible at the moment to keep the review phase short. (as a side-note, I would like to also talk about a bigger revision at next Akademy, which focuses on a refactoring between the legal requirements of allowed licenses and the technical way how to correctly state licensing information). Here is my policy update proposal: * Proposal: https://community.kde.org/Policies/Licensing_Policy/Draft_SPDX_v2 * Diff to current policy: https://community.kde.org/index.php? title=Policies%2FLicensing_Policy%2FDraft_SPDX_v2&type=revision&diff=87138&oldid=87134 I would be very happy to receive feedback if this proposal goes into the right direction and if we shall go forward this way. Also (mostly for the legal experts), I would be glad if you could carefully read the LicenseRef-KDE- Accepted-LGPL and LicenseRef-KDE-Accepted-GPL statements and give me feedback. Those are based on our current license statements but try to better integrate with the SPDX based license statements. Cheers, Andreas [1] https://reuse.software/ [2] https://community.kde.org/Policies/Licensing_Policy [3] https://github.com/spdx/license-list-XML/issues/928#issuecomment-562945646 [4] http://lists.opensource.org/pipermail/license-review_lists.opensource.org/ 2019-December/004454.html [5] https://spdx.org/